In many payment processing scenarios for payment card transactions, authorization requests are routed from the initial merchant point-of-sale and then, sometimes via an acquirer, on to a payment processor. The payment processor, in communication with an issuer of the payment card, will process the transaction and return a response to the merchant and/or acquirer. In some traditional systems, the point-of-sale terminal would authenticate the payment card prior to the submitting of the authorization request to the payment processor. However, in some systems, particularly transactions taking place through the Internet, the payment card may not be authenticated prior to the submission of the authorization request. In such an instance, the payment processor may be at risk to receive attacks, attempts at fraud, or a large number of improper transactions due to the non-authentication of the payment card purported to be involved in the authorization request.
Some methods that have been designed to protect the payment processor in such a situation include wrapping the authorization request using an encryption wrapper. However, such wrapping can be cumbersome to the payment processor, and to other parties involved in the transaction. Such methods often require additional steps to be performed as part of the processing, and furthermore may be unable to be performed using existing systems. Accordingly, there is a need for a technical solution to authenticate a payment card in a payment card transactions that does not require modification of legacy payment systems.